Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

network access restriction on site to site VPN.

Hi All,

I have created a site to site VPn between site A and Site B.

10.0.0.0/8 <> 192.168.0.0/16.

I want to restrict one IP address 10.1.1.10 from Site A to communicate to site B IP address 192.168.1.10. How can i do it on the site to site VPN. I know i can restrict it on the interface level on site A but for some reason i cannot apply it on site A. i want to apply this restrict on site B. Is there any solution for that. Your help will be appricated

1 REPLY
Community Member

Re: network access restriction on site to site VPN.

I got the solution. Thanks

access-list 103 extended deny tcp host 172.16.1.2 host 172.22.1.2 eq 80

!--- Access list 103 is created for the VPN Filter.

!--- This access list 103 filters/denies the request from the remote host(172.16.1.2)

!--- to the local WEB Server (172.22.1.2).

access-list 103 extended permit ip any any

group-policy filter internal

group-policy filter attributes

vpn-filter value 103

!--- Create the group policy (filter)and specify the access list number

!--- in the vpn filter command.

tunnel-group 10.20.20.1 general-attributes

default-group-policy filter

!--- Associate the group policy (filter) with the tunnel group.

122
Views
0
Helpful
1
Replies
CreatePlease to create content